[horde] horde/passwd

Anton Köstlbacher horde3 at dingsbums.org
Tue Dec 9 15:23:25 UTC 2014 

Am 09.12.2014 um 15:53 schrieb Jan Schneider:
>
> Zitat von Anton Köstlbacher <horde3 at dingsbums.org>:
>
>> Am 09.12.2014 um 11:32 schrieb Jan Schneider:
>>>
>>> Zitat von Anton Köstlbacher <horde3 at dingsbums.org>:
>>>
>>>> Hello Horders,
>>>>
>>>> my installation of horde (5.2.4) works great but i'm still trying to
>>>> improve configuration if possible.
>>>>
>>>> I switched horde auth from imp+imap to sql-auth with custom queries
>>>> against my postfix/dovecot mailbox db and entered all necessary
>>>> queries. Works like a charm.
>>>>
>>>> Then I installed horde passwd to enable customers to change passwords.
>>>> If I set backend to "hordeauth" in
>>>> webmail/passwd/config/backends.local.php and try to change the
>>>> password, it doesn't work. I get logged out, but password stays the
>>>> same.
>>>>
>>>> Questions:
>>>>
>>>> Do I have to set "sql" as backend for passwd and enter the same
>>>> queries as in horde conf or what else could be wrong?
>>>
>>> No, should work as you have set it up.
>>
>> Seems the parameter \O ("old password") in my update query does not
>> get populated correctly.
>>
>> My update query:
>>
>> $conf['auth']['params']['query_update'] = 'UPDATE mailbox SET password
>> = \P WHERE username = \L AND password = \O';
>>
>> Actual query in debug log:
>>
>> 2014-12-09T12:37:02+01:00 DEBUG: HORDE [passwd] SQL  (0,0012s)
>>         UPDATE mailbox SET password = 'mynewpassword'
>>           WHERE username = 'adress at domain.de' AND password =
>>           'adress at domain.de' [pid 29191 on line 208 of
>> "/usr/share/php/Horde/Db/Adapter/Pdo/Base.php"]
>
> That's a bug then.

No, I think it's my fault. Info in horde conf auth tab says:

"Some special tokens can be used in the sql query. They are replaced at 
the query stage: "\O" will be replaced by the old user's login (required 
for update)".

I wrongly read it as: "\O" will be replaced by the user's old password 
(required for update)".

Sorry, just filed a bug ticket, please delete ticket 13745. :-/

>>>> How can I force users to change their passwords on first login and
>>>> also after a defined period of time?
>>>
>>> Contrary to the SQL or LDAP driver, the CustomSQL driver doesn't support
>>> password expiration (yet).
>>
>> Ok, I see. Sponsoring possible? Just write an email, if interested.
>
> Sure, write to info at horde.org so we have the request in the ticket
> system and make a proposal from there.

Ok.

More information about the horde mailing list